Thales e-security Key Isolation for Enterprises and Managed Service Providers

Transcription

1 Thales e-security Key Isolation for Enterprises and Managed Service Providers Technical White Paper May 2015

2 Contents 1. Introduction 1. Introduction Business Models Security World Protecting keys ACLs Policy Enforcement Conclusion... 9 nshield is a family of multi-purpose HSMs that provide a trusted environment for secure cryptographic processing, key protection and key management. Cryptographic keys within an enterprise are used to identify people and machines, secure internal and external communications, encrypt and tokenize data at rest, sign messages and documents as well as other use cases. It is therefore vital for any business with a reliance on cryptographic keys to have assurances and enforceable policies surrounding key usage. The nshield family of Hardware Security Modules (HSMs) provides the ability to achieve that level of assurance. By using the Security World key management framework, supported by the nshield HSM family, an organization can create for itself a structured key infrastructure that meets the dynamic and fluid demands and requirements of today. This paper demonstrates how it is possible to easily configure Security World to define a framework which permits both partitioning and multi-tenancy cryptographic key isolation strategies. page Thales e-security, Inc. All rights reserved. page 3

3 2. Business Models 3. Security World Key isolation is often a requirement in both enterprise and managed service or cloud environments. There are two different business models which have a requirement for some form of partitioning with regards to their cryptographic resources estate: Enterprise customers who have a requirement to share cryptographic infrastructure resources between applications or departments within that same enterprise. Keys should be separated to preserve the necessary isolation between applications. Managed service providers who wish to divide a given cryptographic resource between any number of distinct and independent clients such that keys for one client are not accessible by another client. This paper addresses both models, and shows just how easy it is to design, implement and enforce a policy that meets their requirements. In addition to the requirements of the business model are a number of factors to consider when assessing techniques for partitioning: Object Types: Usually users, applications, or keys. Scale: This can range from one or two enterprise users or applications to millions of keys or customers. Thales Security World addresses the age old challenge of providing strong protection for keys while at the same time ensuring they are available for use by authorized applications that are deployed over high scale, redundant and distributed server To understand the ways in which Thales nshield HSMs can be deployed to support flexible isolation environments, we first need to have a clearer understanding of some Thales Security World architecture principles. To alleviate the developer from the burden of creating a key infrastructure, Thales provides the Security World architecture which is a simple, yet flexible key architecture that can be used to contain application keys, protected in a variety of ways while also providing easy to use load-balancing and disaster recovery functionality. Thales also provides industry standard APIs such as PKCS#11 and JCE based on the Security World architecture. It is assumed when using nshield HSMs that users are utilizing this standard key infrastructure whether integrating with existing standard interfaces or bespoke applications. Security World Key A Security: What determines the true level of security? What authentication policies are protecting application key material? How are physical security controls mapped to logical controls, and vice-versa. HSM A Accessibility: What access does the hosting organization have to customers material? Within an enterprise a provider may want to provide a super-user or an administrative quorum with access to all the keys. However customers will have more trust in a public service if the provider can t access their keys. Key B With all these factors in mind, how can Thales nshield HSMs assist in the development of isolated systems for the control of keys? HSM B Key C Figure 1 - Security World as a single security domain for HSMs and application keys Practically speaking a Security World creates a single security domain for keys and objects to be securely managed that can encompass many HSMs and clients. However, an HSM can only ever be configured with a single Security World at any one time. page Thales e-security, Inc. All rights reserved. page 5

4 3.1. When generating an application key within Security World on a Thales nshield HSM, it is important that the raw key material be protected by the certified hardware of the module at all times. It is also important that the key can be loaded by authorized clients and backed up in accordance with industry best practice guidelines. The Thales Security World provides mechanisms whereby the raw application key material and various meta-data about how the key can be used -- the Access Control List (ACL) -- are cryptographically wrapped using Security World foundation keys, specifically a key called the module key (KM0). The wrapped application key can then be stored on all authorized HSM clients so that they can load the key at a later date, and can also be backed up onto recovery media since the process involves encrypting the raw key data with keys that are only available on an nshield HSM in the correct Security World. Since these wrapped application keys exist on the storage media on the authorized clients, the volume of keys that a Security World can protect is only limited by the size of the storage medium on the host, not some feature or limitation of the HSM. This neatly addresses the topic of scale in relation to isolation principles Protecting the use of keys Where controls need to be implemented for the safeguarding of application keys, Operator Card Sets (OCS) or Softcards (passphrases) can be used to authorize the loading of those keys. Physical OCS and logical softcards are collectively referred to as authentication tokens. An authentication token is associated with an application key when the application key is generated. The application key then requires the authentication token to be presented and validated before the key can be loaded onto an HSM. Once an application key has been loaded into an HSM, it can be used (ACL permitting) as often as required for approved cryptographic operations before then being programmatically or automatically unloaded. A single authentication token can be used to protect multiple application keys Softcards keys are, by default, protected by the KM0 wrapping process, however sometimes it will be necessary to implement additional security controls to ensure an application presents some form of authorization before the HSM legitimately loads the key for use. The single-factor authorization model adopted by Security World is Softcards. page 6 Softcards are really nothing more than a single passphrase, but where physical access to a smart card slot is impractical Softcards can be a practical solution to enforcing some control over when an application key is loaded OCS Quorums nshield HSMs use smart cards to provide two-factor authorization, however an OCS is not a single smart card (although it could be). An OCS is normally a set of smart cards which represent an authorized group. When created, the necessary quorum of these cards is also set. This is the number of cards from the total set that need to be presented in order to authorize the use of the keys protected by the cardset. Since individual cards are normally allocated to authorized members of a group of users (each smart card with a unique passphrase), when a cardset is authorized within the HSM, this does not represent a single user s authorization, but rather the authorization of the group to perform the requested action. The notation used to describe the quorum of the cardset is K of N, where N is the total number of card in the cardset and K (K>0) is the number of cards required to form a quorum (N>0, N<=K). So in a 2 of 5 OCS, there are 5 cards in total but only 2 of this set need to be presented to permit the loading of a key. A special property of a 1 of N OCS is that obviously only a single card need be presented (along with its passphrase). This means that no physical switching of cards in slots needs to take place which can be a practical advantage in certain conditions where you not only want to protect where an application key is loaded, but still also want to retain the Softcard advantage of restricting when it is loaded. Though this is perhaps an inferior configuration to a K of N OCS where K>1 in terms of security over availability ACLs The Access Control List (ACL) forms a significant part of the meta-data associated with a key. It is securely wrapped along with the key when the key is generated, and is protected to the same high standards as the key itself. The ACL for a given key describes what authorizations are required for a specific operation to be performed, such as other keys or tokens that should be loaded, and what other limitations are applied to the key once it is loaded (such as time-outs and number of permitted operations). Security World avoids the need for expensive backup tokens and manual key cloning. An ACL can describe a very simple scenario whereby a key can be used to encrypt and decrypt data, or can describe very complex hierarchies of keys which must be loaded (using their respective authentication tokens) before selected operations can be carried out. These ACL policies are all managed, unwrapped and enforced by the HSM natively, and as such cannot be compromised by an attacker. The ACL for a key is set when the key is generated and is not normally modifiable after that Thales e-security, Inc. All rights reserved. page 7

5 4. Policy Enforcement The concepts of Security World ACLs, OCS Quorums and Softcards are tightly bound together, and can be used in combination or isolation to meet even the most demanding security requirements or policies for a given application. With this in mind, we can now see that a key loading and usage policy is enforced by three factors: Access to the application key token If you don t have the application key token on your application server you simply cannot load that key onto a target HSM. This policy is enforced outside the HSM, by careful and deliberate synchronization of specific application across the application server estate. Token Authorization If a key is protected by an Authorizing token, such as a Softcard or an OCS, then you must present that token before you are then permitted to load the key into the HSM. This policy is enforced inside the HSM. Access Control Lists (ACL) Once the key is loaded, the key can only then be used for specific purposes and under specific conditions described in the ACL that is bundled in the application key token. Again, this policy is enforced inside the HSM. So how can these properties be used to construct an isolated security environment for our example business models of the Enterprise and the Managed Service Provider who require isolation between applications or customers? In both cases you can use individual or combinations of the following strategies:- 1) Restrict the replication of application to only those hosts that require access to use a specific application key. 2) Leverage one of the authorization token techniques (Softcard or OCS) to control when and where an application key is loaded. 3) Programmatically manipulate the ACL of a target application key token to restrict where, when and how the key can be used. By defining a policy as a combination of these strategies, you can then apply different policies to groups of application keys. It is then clear to see how Security World can not only meet a static security environment, but also one where several opposing security policies can co-exist on the same HSM or groups of HSMs. The ACL associated with an Key defines the key policy in a form an nshield HSM can strongly enforce. page Thales e-security, Inc. All rights reserved. page 9

6 5. Conclusion As previously described, there is a high degree of flexibility in the Thales Security World key management architecture which creates a fluid fit with enterprise or managed service requirements for multi-tenancy or partitioning. The nshield HSM hardware provides a safe place where keys can be loaded and used. One of the core strengths of the Security World architecture is that application are stored in an armoured format on application servers free from the confines of any particular HSM. So deciding where the application are and are not available is really the initial factor one should define when designing a framework for partitioning. By abstracting Keys, the size of the pool of available HSMs can be tuned dynamically to satisfy changing performance requirements without the need to clone application keys between HSMs. Module Protected More availability Less enforcement Softcard Protected 1 of N OCS Protected Less availability More enforcement K of N OCS Protected Figure 3 - Degrees of Availability and Enforcement via Authorizing Tokens The design and implementation of your HSM key management policies and architecture are based on your organizational needs and the balance of requirements between the need for accessibility to keys for high volume or automated usage and the security controls defining key usage that might be required by certain high assurance situations. Security World offers several flexible and mutually exclusive mechanisms to assist in this design and implementation of such an architecture. For more details about the Security World architecture, visit Figure 2 stored on hosts It is therefore better to instead conceptualize the partitioning problem less as one about containerizing the HSM, since policy enforcement of key loading and use is already trusted, but more about how the ACLs and authorization tokens are configured with application keys and most importantly how those tokens are distributed and made available to individual application hosts. page Thales e-security, Inc. All rights reserved. page 11

7 About Thales e-security Thales e-security is a leading global provider of trusted cryptographic solutions with a 40-year track record of protecting the world s most sensitive applications and information. Thales solutions enhance privacy, trusted identities, and secure payments with certified, high performance encryption and digital signature technology for customers in a wide range markets including financial services, high technology, manufacturing and government. Thales e-security has a worldwide support capability, with regional headquarters in the United States, United Kingdom, and Hong Kong. Follow us on: Thales e-security May 2015 PLB5024 Americas Thales e-security Inc. 900 South Pine Island Road, Suite 710, Plantation, FL USA Tel: or Fax: [email protected] page Asia Pacific 12 Thales Transport & Security (HK) Lt, Unit , 41/F, Sunlight Tower, 248 Queen s Road East, Wanchai, Hong Kong Tel: Fax: [email protected] Europe, Middle East, Africa Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ Tel:+44 (0) Fax:+44 (0) [email protected]